Privacy Policy
v1.0 · April 10, 2026
1. Data controller
MADARINA d.o.o., Trg osvoboditve 3, 2230 LENART V SLOVENSKIH GORICAH, registration number: 6127851000, tax number: SI17595231
Email: [email protected]
Dual role: For telephone calls that the AI processes on behalf of our clients, fonko.ai acts as a data processor (Art. 28 GDPR). For our own website, registration, and client relationships, fonko.ai is the data controller.
2. Data protection contact
Contact: [email protected] (or [email protected]). No formal DPO is currently appointed.
3. What data we process
3.1. Website visitors
- IP address, browser type, device
- Cookies (see Cookie Policy)
- Contact form submissions
3.2. Subscribers (business clients)
- Name, surname, email, phone number
- Company data (name, address, registration and tax number)
- Payment data (processed via Stripe)
- Service usage data
3.3. Data processed via the AI agent (fonko.ai as processor)
- Voice recordings of conversations
- Text transcriptions
- Caller’s phone number (CLI)
- Date, time, and duration of call
- Content shared by the caller
Callers: to exercise your data rights regarding a call, please contact the company you called — they are the data controller.
4. Purposes and legal bases
| PURPOSE | LEGAL BASIS |
|---|---|
| Contract performance | Art. 6(1)(b) GDPR |
| Invoicing | Art. 6(1)(c) GDPR |
| Customer support | Art. 6(1)(b) GDPR |
| Call processing on behalf of Subscriber | Art. 28 GDPR — per the controller’s instructions |
| Marketing of our own services | Art. 6(1)(f) GDPR — legitimate interest |
| Website analytics | Art. 6(1)(a) GDPR — consent |
| System security | Art. 6(1)(f) GDPR — legitimate interest |
| Legal obligations | Art. 6(1)(c) GDPR |
5. Retention periods
| DATA TYPE | RETENTION PERIOD |
|---|---|
| Accounting records | 10 years (Slovenian tax law) |
| Subscription relationship | Duration + 5 years |
| Voice recordings | 30 days |
| Transcriptions | 12 months |
| System logs | 12 months |
| Marketing (consent) | Until withdrawal |
| Website visitor data | Maximum 14 months |
6. Recipients / sub-processors
We use sub-processors to deliver our service. Up-to-date list: https://fonko.ai/sub-processors
| SUB-PROCESSOR | PURPOSE | LOCATION |
|---|---|---|
| DigitalOcean (hosting) | Hosting | EU/US (DigitalOcean Holdings, Inc.) |
| Clerk (hosting) | Hosting | EU/US (Clerk, Inc.) |
| Convex (hosting) | Hosting | EU/US (Convex, Inc.) |
| Soniox (STT) | Speech-to-text | EU/US (Soniox Inc.) |
| OpenAI (LLM) | Language model | US (OpenAI Group PBC) |
| OpenAI (TTS) | Text-to-speech | US (OpenAI Group PBC) |
| DIDWW (telephony) | Telephony | Ireland (DIDWW Ireland Limited) |
| Stripe | Payments | EU/US (Stripe LLC) |
| Resend (email) | Transactional email | US (Plus Five Five, Inc.) |
| Google Analytics | Analytics | US (Google LLC) |
| Meta Pixel | Advertising | US (Meta Platforms) |
7. International data transfers
Where processing occurs outside the EEA, appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) — Commission Decision 2021/914
- Transfer Impact Assessment (TIA)
- Supplementary technical measures (encryption, pseudonymization)
- Where applicable: EU-US Data Privacy Framework (DPF)
8. Your rights
Under GDPR, you have the following rights:
- Access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18)
- Portability (Art. 20), objection (Art. 21), automated decision-making (Art. 22)
- Withdrawal of consent at any time
Contact: [email protected]. We will respond within 30 days.
9. Supervisory authority
Information Commissioner of the Republic of Slovenia, Dunajska cesta 22, 1000 Ljubljana, [email protected], www.ip-rs.si
10. Security measures
- Encryption in transit (TLS 1.2+) and at rest
- Role-based access control (RBAC)
- Regular security updates and vulnerability management
- NDAs with all personnel
- Incident response plan; notification to supervisory authority within 72 hours
- Regular data protection training
11. Cookies
The fonko.ai website uses cookies, including analytics (Google Analytics) and advertising (Meta Pixel) cookies. Details are in our separate Cookie Policy at https://fonko.ai/cookies.
12. Automated decision-making
The fonko.ai system does not make automated decisions with legal or similarly significant effects under Art. 22 GDPR. The AI processes and relays information; final decisions are made by the Subscriber.
13. Changes to this policy
Material changes will be communicated at least 15 days before they take effect, via email or a notice on our website.